CO-OP Financial Services Issues DDoS Mitigation White Paper

CO-OP Financial Services has announced the release of a free DDoS mitigation white paper intended to offer guidance to credit unions, especially in the run-up to the possible May 7 attacks announced by groups affiliated with the hacker organization Anonymous.

The white paper is here. It was written by Ray Zadjmool, president of Tevora, a Lake Forest, Calif., information assurance consulting firm.

Included in the white paper is DDoS incidence reporting where a sampling of credit unions were asked if they had ever experienced a DDoS attack. One-third – 33% – said yes. Forty-three percent said they did not kno

Importantly, of the credit unions that had experienced a DDoS attack, none had reported it to external parties, which makes counting incidents difficult.

Only a handful – 7% – said they had DDoS mitigation tactics in place.

The white paper succinctly recaps the recent history of DDoS, and it also offers a non-technical look at the kinds of DDoS that financial institutions have recently been subjected to.

Core to its advice is this: “Credit unions should ... plan for a strategy that deals with DDoS much the same way as a natural disaster; an event that could disable critical services and impacts the ability to conduct business.”

It also follows NCUA’s guidance in outlining a three-pronged approach:

* “Perform risk assessments to identify risks associated with DDoS attacks.
* Ensure incident response programs include a DDoS attack scenario during testing and address activities before, during, and after an attack.
* Perform ongoing third-party due diligence, in particular on Internet and Web-hosting service providers, to identify risks and implement appropriate traffic management policies.”

The white paper also offers analysis of vendor solutions offered by companies such as Akamai and Prolexic.

The paper’s conclusion: “Implementing a DDoS mitigation strategy should take into account a formal assessment of risk, prior planning, third party due diligence, and capital investment. By implementing a variety of methods, credit unions and credit union service organizations can prepare for a security threat that is poised to grow over time.”